noSQL Injection

noSQL Injection

In previous posts I have talked about SQL injections. It is usually the first example of computer security that is given to a student: ” ´ or 1 = 1 — a “ However, this is only useful for servers that use relational databases, such as MySQL, MSSQL, Oracle. In the last decade another type of … Read more

WordPress Shielding

Wordpress Shielding

As time goes by this domain gets bigger and bigger… Thanks to you! With less than a year of life, Google Analytics has notified me that in March I surpassed the one thousand monthly users.  This is great news, but at the same time it has made me think that I should retouch a couple … Read more

Tor Network and Deep Web

Tor Network and Deep Web

During the last decade, the deep web has become very well known, everyone has talked about it. And the problem with this fame is that a lot of urban myths have arisen about this part of the Internet. The deep web is the name given to all content that is not included in search engines. … Read more

Google Hacking

Google Hacking

Google is one of the most famous search engines in the world. However, searching Google is an art that many people don’t quite understand. And a case apart are those who prefer to ask you rather than do a simple google search. Luckily, there are awareness pages like lmgtfy Do you want to know how … Read more

Penetration Tester Manual

Penetration Tester Manual

Today I bring a very special post. This publication has been delayed a couple of weeks because I was finishing polishing it, and I wanted it to be perfect. I’ve been working for quite some time on a guide with the basics of pentesting, the different steps that a security auditor takes to perform an ethical … Read more

Physical hacking with USB

Physical hacking with USB

Have you ever been told that if you find a USB stick on the floor, you shouldn’t put it in your computer? Today I’ll show you through a proof of concept why you shouldn’t do it. In this post we will see how to create a malicious USB that can infect a computer in seconds. … Read more

The art of breaking a hash (Hashcat)

The art of breaking a hash (Hashcat)

In this other post I talked about passwords and the conditions that must be met to be considered secure. However, if we enter the world’s strongest password on an insecure site, an attacker who has access to the database will be able to obtain it no matter how long or complicated it is. The question … Read more

Strong Passwords

Strong Passwords

Today we are going to talk about why in recent years we are constantly told that we must establish secure passwords if we want to protect our accounts. I decided to write this post because I recently pentested a client and exploited a SQL Injection vulnerability (you can read more about this vulnerability here) and … Read more

SQL Injection: Introduction

SQL Injection: Introduction

In this new post I’m going to talk about one of the best known and most frequent techniques to find today: SQL injections. I will make a very simple introduction to initiate those who do not know how to perform these types of attacks, and then explain other types of SQL Injection more complicated. The … Read more